A series of natural gas pipeline sector companies are being targeted by a cyber attack that appears to have been launched in December, according to a notice from the Department of Homeland Security.

The threat was disclosed in a monthly note published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a DHS division devoted to cybersecurity.

"DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," said DHS spokesman Peter Boogaard.

According to the ICS-CERT memo, "Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the emails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization."

Spear-phishing attacks are efforts to get employees to click on e-mail attachments.

Some attackers have become so sophisticated in their efforts that they research known employees on Internet social sites and then craft an e-mail that appears to come from someone who is known to the intended target.

Once the target clicks on the e-mail, malicious material can easily be uploaded, or systems monitored, often without the person ever knowing about it.

In this case, government investigators have been able to identify the nature of the attacks, but not necessarily the exact size or scope yet.

"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," Boogaard said.

The cyber attack appears to have been reported by the private sector companies that would have had access to the information, namely, those under attack.

The self reporting of such attacks has been at the heart of cyber legislation debates on the Hill as lawmakers struggle to find more effective ways to convince private sector companies to not only report, but then to allow the government access to its databases so that it can better understand the source and intention of the attacker or attackers.

In this case, according to the memo, ICS-CERT has not only been able to analyze the data, but it has also gained a prime position from which to monitor the malicious activity - something that generally leads investigators back to not only the source of the attack, but can also allow them to glean clues about the intention and sophistication of the attacker.

Sometimes in cyberspace, it’s what you don’t know that creates the most anxiety. ICS-CERT hasn’t yet said whether it knows what the cyber attackers were hoping to do.

I think the interesting aspect of the story is how the basis for the attack is e-mails that look like they come from co-workers and may very well include relevant personal details.

Generally speaking I sure hope that people aren’t blindly opening attachments just because an e-mail appears to come from someone they know. Everyone does realize that it is possible to fake an e-mail’s from address, right?

The Department of Homeland Security should change their name to the Department of Homemade Paranoia...
All they do is take small issues and blow them waaay out of proportion and scare the crap out of Americans.
Reading the other comments on here, you can see that everyone seems to believe that it's some sort of Terrorist Attack or a giant Conspiracy.
I've worked in the Control System industry for years and this is nothing new...yet now, it seems to be a 'Terrorist Attack'.
Cyber Security is a business...don't confuse it with your Safety. ICS-CERT posts a report and the companies then need to spend millions of dollars updating their systems.

Most of you seem to believe attacks like this originate in the USA or somewhere else where justice could be dealt out. There are more than one of the less friendly nations that have university level schools teaching their "students" how to do these (and worse) attacks. They've been going on for at least ten years. I would suggest you get a copy of Clarke's book "Cyber War" and read it. If you still aren't concerned after reading it, go back to sleep!

I don't believe it would be an Eco-terrorist group. They would have no desire to do anything of this sorts. If you want a better understanding on why protections should be provided to private industry you should read the book Cyber War. Critical infrastructure disruption isn't about making big corporations lose money, its about impacting America as a whole.

YES & NO , WHERE & WHEN DOES A HACKER BECOME A TERRORIST , well if all traffic lights at an intersection were to become GREEN AT THE SAME TIME , and if that could be repeated by a hacker , than that hacker is a terrorist because the end result ends in terror , anything to do with our nation security on any level is to be defended , and if it is attacked by parties of no nation or military than they are terrorist.

SO since oil and natural gas piplines are part of our national security , screwing with these on any level must be seen for what it is . we have all seen the results of natural gas events on TV and they are not pretty. and oil spills also are a disaster , and the supply is stoped when things like this occur , so I say if idiots are going to play with our bridges like the five idiots last week , and we see them as terrorist , well we must see through the same lense and ID idiots that play with our oil and natural gas on any level as terrorist . HANDS OFF & CYBER ATTACKS IS STILL AN ATTACK !

ITS TIME THAT THESE IDIOTS RECIEVE LIFE SENTANCES FOR SCREWING WITH OUR ENERGY RESOURCES

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.

Search Security Clearance

Share this blog

About this blog

CNN's Security Clearance examines national and global security, terrorism and intelligence, as well as the economic, military, political and diplomatic effects of it around the globe, with contributions from CNN's national security team in Washington and CNN journalists around the world.